Source: frr
Version: 10.4.1-3
Severity: important
Tags: security upstream
Forwarded: https://github.com/FRRouting/frr/issues/19471
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for frr.

CVE-2025-61099[0]:
| FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a
| NULL pointer dereference via the opaque_info_detail function at
| ospf_opaque.c. This vulnerability allows attackers to cause a Denial
| of Service (DoS) via a crafted LS Update packet.

CVE-2025-61100[1]:
| FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a
| NULL pointer dereference via the ospf_opaque_lsa_dump function at
| ospf_opaque.c. This vulnerability allows attackers to cause a Denial
| of Service (DoS) under specific malformed LSA conditions.

CVE-2025-61101[2]:
| FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a
| NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr
| function at ospf_ext.c. This vulnerability allows attackers to cause
| a Denial of Service (DoS) via a crafted OSPF packet.

CVE-2025-61102[3]:
| FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a
| NULL pointer dereference via the show_vty_ext_link_adj_sid function
| at ospf_ext.c. This vulnerability allows attackers to cause a Denial
| of Service (DoS) via a crafted OSPF packet.

CVE-2025-61105[4]:
| FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a
| NULL pointer dereference via the show_vty_link_info function at
| ospf_ext.c. This vulnerability allows attackers to cause a Denial of
| Service (DoS) via a crafted OSPF packet.

The upstream issue[5] and pull[6] request are yet open upstream.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-61099
    https://www.cve.org/CVERecord?id=CVE-2025-61099
[1] https://security-tracker.debian.org/tracker/CVE-2025-61100
    https://www.cve.org/CVERecord?id=CVE-2025-61100
[2] https://security-tracker.debian.org/tracker/CVE-2025-61101
    https://www.cve.org/CVERecord?id=CVE-2025-61101
[3] https://security-tracker.debian.org/tracker/CVE-2025-61102
    https://www.cve.org/CVERecord?id=CVE-2025-61102
[4] https://security-tracker.debian.org/tracker/CVE-2025-61105
    https://www.cve.org/CVERecord?id=CVE-2025-61105
[5] https://github.com/FRRouting/frr/issues/19471
[6] https://github.com/FRRouting/frr/pull/19480

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore

